a2b8f065a88513fa236b345fe96db861ed9733e853c243bca38dc02e67f8fb00

Analysis

max time kernel
262s
max time network
444s
platform
windows10-1703_x64
resource
win10-20230220-de
resource tags

arch:x64arch:x86image:win10-20230220-delocale:de-deos:windows10-1703-x64systemwindows
submitted
12/06/2023, 15:49

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Monoxid Opener.zip
Size

21.0MB
MD5

bf86a58bfa4d5932e4b4fcf5f1b72b51
SHA1

db3dc8ad33afa3b15f02c37418e1c3a24873f8e0
SHA256

a2b8f065a88513fa236b345fe96db861ed9733e853c243bca38dc02e67f8fb00
SHA512

2e2ad8fc81b76745612b24a59fe7d15fbeb3807c8dd6747e1491158b8585495967ca502fc740807ee83939ad1bc4d0d47e03c358a64a63780545490a56508a24
SSDEEP

393216:AO3Y0AuF6rAad/pg0Ms8kS9L7X/7T1NpH5iWuNYS:73Y0AVrAG/p5z8kSN7X/H1TCYS

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4712	穽暲聯呚埂璻敍蛃偢井殀砒骰緜鏂伆.exe

Loads dropped DLL 64 IoCs

pid	Process
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe
1188	1.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
57	api.ipify.org
58	api.ipify.org
66	api.ipify.org

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	穽暲聯呚埂璻敍蛃偢井殀砒骰緜鏂伆.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	cmd.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Monoxid_Opener.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3832	1.exe
3832	1.exe
3832	1.exe
3832	1.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4244	firefox.exe
Token: SeDebugPrivilege	4244	firefox.exe
Token: SeDebugPrivilege	4244	firefox.exe
Token: SeDebugPrivilege	4244	firefox.exe
Token: SeDebugPrivilege	4244	firefox.exe
Token: SeDebugPrivilege	4244	firefox.exe
Token: SeDebugPrivilege	3832	1.exe
Token: SeDebugPrivilege	4712	穽暲聯呚埂璻敍蛃偢井殀砒骰緜鏂伆.exe
Token: SeDebugPrivilege	1188	1.exe
Token: SeTakeOwnershipPrivilege	4712	穽暲聯呚埂璻敍蛃偢井殀砒骰緜鏂伆.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe
4244	firefox.exe
4712	穽暲聯呚埂璻敍蛃偢井殀砒骰緜鏂伆.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 3996 wrote to memory of 4244	3996	firefox.exe	71
PID 4244 wrote to memory of 2200	4244	firefox.exe	72
PID 4244 wrote to memory of 2200	4244	firefox.exe	72
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 3924	4244	firefox.exe	73
PID 4244 wrote to memory of 2956	4244	firefox.exe	74
PID 4244 wrote to memory of 2956	4244	firefox.exe	74
PID 4244 wrote to memory of 2956	4244	firefox.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Monoxid Opener.zip"
1⤵
PID:1740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.0.1439102503\2114254597" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1660 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da2595c2-b54d-405e-87ef-3b266e58f41c} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 1764 1753d3f4e58 gpu
    3⤵
    PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.1.511132437\1763777448" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b333944e-1be1-4823-b814-b08cd191964b} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 2120 1753d30fe58 socket
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.2.764723034\696576855" -childID 1 -isForBrowser -prefsHandle 1576 -prefMapHandle 2772 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {850a9293-6c2e-4351-82eb-68c5307710cc} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 2956 1753d391658 tab
    3⤵
    PID:2956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.3.1561702051\1057356429" -childID 2 -isForBrowser -prefsHandle 2264 -prefMapHandle 2152 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5c6cbcc-f332-4d84-8057-e9895b619c6a} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 1064 17531c5d358 tab
    3⤵
    PID:4268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.4.436260652\762072493" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8cc97f6-6402-47a9-9a39-96c39e80efa6} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 3740 17531c6ee58 tab
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.5.1985148902\1570363721" -childID 4 -isForBrowser -prefsHandle 4736 -prefMapHandle 4732 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84284005-6679-4f8c-9b6e-7984df838d8d} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 4748 17543cdf258 tab
    3⤵
    PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.6.1902587548\1410398195" -childID 5 -isForBrowser -prefsHandle 4892 -prefMapHandle 4896 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14a958c2-0ea8-4893-ad37-a4fd497bf7b3} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 4884 17543cdd458 tab
    3⤵
    PID:928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.7.33149820\1025306132" -childID 6 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d4e40c7-6614-4bae-a3f1-275950289132} 4244 "\\.\pipe\gecko-crash-server-pipe.4244" 4772 17543cdd758 tab
    3⤵
    PID:592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\run.bat" "
1⤵
- Modifies registry class
PID:1000
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\2.vbs"
  2⤵
  PID:1204
- C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe
  1.exe
  2⤵
  PID:2528
- - C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe
    1.exe
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3832
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4852

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\main.vbs"
1⤵
PID:2844

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\run.bat
1⤵
PID:2100

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\run.bat" "
1⤵
- Modifies registry class
PID:3388
- C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\3.exe
  3.exe
  2⤵
  PID:3700
- - C:\Users\Admin\AppData\Local\Temp\穽暲聯呚埂璻敍蛃偢井殀砒骰緜鏂伆.exe
    "C:\Users\Admin\AppData\Local\Temp\穽暲聯呚埂璻敍蛃偢井殀砒骰緜鏂伆.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4712
  - - C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe
      "C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe"
      4⤵
      PID:1640
    - - C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe
        
        "C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe"
        5⤵
        
        PID:1304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:3380
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
        6⤵
        
        PID:4972
        
        C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        7⤵
        
        PID:2216
  - - C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe"
      4⤵
      PID:2440
  - - C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
      "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"
      4⤵
      PID:4448
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Program Files\DisableUse.ps1"
      4⤵
      PID:1036
  - - C:\Program Files\Java\jdk1.8.0_66\bin\java.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\java.exe"
      4⤵
      PID:4736
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files\Java\jdk1.8.0_66\db\bin\derby_common.bat" "
      4⤵
      PID:4384
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\README.TXT
      4⤵
      PID:4064
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css
      4⤵
      PID:1224
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css
      4⤵
      PID:972
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt
      4⤵
      PID:1776
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\CANYON.INF
      4⤵
      PID:3996
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.INF
      4⤵
      PID:2844
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.INF
      4⤵
      PID:4524
  - - C:\Windows\hh.exe
      "C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\FM20.CHM
      4⤵
      PID:4668
  - - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
      "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
      4⤵
      PID:3068
  - - C:\Program Files\Mozilla Firefox\maintenanceservice.exe
      "C:\Program Files\Mozilla Firefox\maintenanceservice.exe"
      4⤵
      PID:4056
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Mozilla Firefox\platform.ini
      4⤵
      PID:1552
  - - C:\Program Files\Mozilla Firefox\updater.exe
      "C:\Program Files\Mozilla Firefox\updater.exe"
      4⤵
      PID:5036
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\SplitRedo.ini
      4⤵
      PID:3404
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\UnregisterRead.css
      4⤵
      PID:1200
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\2.vbs"
  2⤵
  PID:2252
- C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe
  1.exe
  2⤵
  PID:3804
- - C:\Users\Admin\Downloads\Monoxid_Opener\Monoxid Opener\dll\1.exe
    1.exe
    3⤵
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1188
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:1220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0
1⤵
PID:3864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:64

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3328

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:8

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:2840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:4404

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3996

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3208

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4436

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4012

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
145KB

MD5
ada8621fa653fb12c2bd553300650205

SHA1
83fa5b87bbdca1fba3556128e3f435aabda4889a

SHA256
5c9735a177762e4b9692876b3dca56756e8732c411e74388c10479ce5b5e7bdd

SHA512
5af0a20ba54d8493be991d43f96c10645cb67303ec84e29015e48e8c3ad1a59868b07ee3eee456382bd479376fc40d8c1a19ab8900cf96773a1e6c4a3297f729

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
9d14b7ee62e14738b73d19ddea99200c

SHA1
8ea4a1390538d84908601c85ca0b046c8b689e5f

SHA256
a813ca9c549e4c2ed657af4ae12f6b9363ce7469b544de47699579589dc64a24

SHA512
3bca87c29e1b7d3e2a336a32c6eb0f51f99514f32e3907f2feac3b97f0d8b8051c54d3f12fa9eb011c56cf1d7fe9b1d9a28091ff04eaf4477064b7f1f23b12af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16402\cryptography-41.0.1.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\Crypto\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
ff2c1c4a7ae46c12eb3963f508dad30f

SHA1
4d759c143f78a4fe1576238587230acdf68d9c8c

SHA256
73cf4155df136db24c2240e8db0c76bedcbb721e910558512d6008adaf7eed50

SHA512
453ef9eed028ae172d4b76b25279ad56f59291be19eb918de40db703ec31cddf60dce2e40003dfd1ea20ec37e03df9ef049f0a004486cc23db8c5a6b6a860e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
821aaa9a74b4ccb1f75bd38b13b76566

SHA1
907c8ee16f3a0c6e44df120460a7c675eb36f1dd

SHA256
614b4f9a02d0191c3994205ac2c58571c0af9b71853be47fcf3cb3f9bc1d7f54

SHA512
9d2ef8f1a2d3a7374ff0cdb38d4a93b06d1db4219bae06d57a075ee3dff5f7d6f890084dd51a972ac7572008f73fde7f5152ce5844d1a19569e5a9a439c4532b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_cffi_backend.cp311-win_amd64.pyd

Filesize
177KB

MD5
fde9a1d6590026a13e81712cd2f23522

SHA1
ca99a48caea0dbaccf4485afd959581f014277ed

SHA256
16eccc4baf6cf4ab72acd53c72a1f2b04d952e07e385e9050a933e78074a7d5b

SHA512
a522661f5c3eeea89a39df8bbb4d23e6428c337aac1d231d32b39005ea8810fce26af18454586e0e94e51ea4ac0e034c88652c1c09b1ed588aeac461766981f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_sqlite3.pyd

Filesize
117KB

MD5
ffb03c18ed0f340fe9d86abaa9eef835

SHA1
d6295d7a100414ce76797c826d2d3c0b4df0c80e

SHA256
1d4e17237a10b68d16634fc9698edf342b40478d92fa15d574d212c7a44b05bb

SHA512
e911ce6e6b5de50696d7e7f14560c90b83c1179a946d2f5ddcf6fcf797c031dc65b42300685e97cfdc592bae5f974cc31c81d2e12994cd9c28d3f67df282dda5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\base_library.zip

Filesize
1.7MB

MD5
ebb4f1a115f0692698b5640869f30853

SHA1
9ba77340a6a32af08899e7f3c97841724dd78c3f

SHA256
4ab0deb6a298d14a0f50d55dc6ce5673b6c5320817ec255acf282191642a4576

SHA512
3f6ba7d86c9f292344f4ad196f4ae863bf936578dd7cfac7dc4aaf05c2c78e68d5f813c4ed36048b6678451f1717deeb77493d8557ee6778c6a70beb5294d21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
fa50d9f8bce6bd13652f5090e7b82c4d

SHA1
ee137da302a43c2f46d4323e98ffd46d92cf4bef

SHA256
fff69928dea1432e0c7cb1225ab96f94fd38d5d852de9a6bb8bf30b7d2bedceb

SHA512
341cec015e74348eab30d86ebb35c028519703006814a2ecd19b9fe5e6fcb05eda6dde0aaf4fe624d254b0d0180ec32adf3b93ee96295f8f0f4c9d4ed27a7c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
113KB

MD5
2d1f2ffd0fecf96a053043daad99a5df

SHA1
b03d5f889e55e802d3802d0f0caa4d29c538406b

SHA256
207bbae9ddf8bdd64e65a8d600fe1dd0465f2afcd6dc6e28d4d55887cd6cbd13

SHA512
4f7d68f241a7f581e143a010c78113154072c63adff5f200ef67eb34d766d14ce872d53183eb2b96b1895aa9c8d4ca82ee5e61e1c5e655ff5be56970be9ebe3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\python3.DLL

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\sqlite3.dll

Filesize
1.4MB

MD5
35f55e2ad0ae11a273408cfeff75b1ab

SHA1
672bff2dea4351e1245806e6af7f1be5da9dd055

SHA256
919572560c314e46b1dba56418bbb50e1620c0af328aec394eaff580c58f2fc5

SHA512
b84a42b42a710cd5fe91def37207200141a03a8e93488d05099115f16961255248aa74c3a9800a82a0c4eb79348b570ca1a2bfa4e3168b5359ce063a688d26a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25282\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
2f68e758cc8a2fd87e37fb1b1b722421

SHA1
6b1770221c170c2441b4c04ad2abaf9a543f3fee

SHA256
53b43caba8843f408b438522b2799fd9da43f2e3a37034e7a4fdaaa9eebcf0c7

SHA512
cc3419e0085637fe4954d707269f2d7131de707cac35e1c136fa7f3178e43959e592ed8a09af8ed88fc8cdec88252cb4a52d53b4215e8a48121c3e82a30a0728

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
6KB

MD5
4c488576f9284743915a8c85b2e22dc3

SHA1
8573f43af57a9602e9aaa2aee72e8cd6372ff98b

SHA256
52cde09e90530c6ae355b8ff4c2802729590cd569243ad7b3fff724399d2402d

SHA512
27a44793a5ecaf253ecbc13230b1495e9f74764672e1084061de37167993451c973e821e56879f284f00414d9521429632d1ed20c1ec3e192f108d46258ff41c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js

Filesize
6KB

MD5
c205c8a6591363331cd60c7286ad4ac1

SHA1
7d4c89374e88116484984f5d0b5df0d59aa63ecf

SHA256
81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

SHA512
fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
272537e5b89f230cfe7ee75c2170a8da

SHA1
c1cee25d53bd766f51636c900d9350fea601d41c

SHA256
9584d7c30eb6e5786ee000a69a552eed44f24583a204026904cbf0cb484f3a3d

SHA512
67b4087b5346a0d1e652472c80f941e30a2c31757ae456f270eb384285c6d9bbb5d7a76f1236c446b53a67144145eb8d333805796e245a3fc9e2109e45966196

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b10af2237df277ad175a7f6813c7d567

SHA1
53506d616ec57238521b740875e47cbe56e546c3

SHA256
8ff3a1babb866d3094c9489609d3af8f52ed04391fc5afa98f0d8c835ad21a0d

SHA512
3bcc1efc9bbed96e54a2110f5fa67ef9255fac6efdd75d9dbb781becb4893583efa94ad1c5c94e7f8e3ba25d53fe40b436cd3e03f5186ec6797ca6c25af80edd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore.jsonlz4

Filesize
1017B

MD5
283c59c023ec1220ed9348bd498b367f

SHA1
60ccb9d60db55c4a81a3056e5a989c4bf486b6a2

SHA256
50e184b73c72e0b2e65751496e85b92237a1dde0e00d6dfcf988bb9fd722bd82

SHA512
528c55d582b9744b01b624098bb1f3d31b985319882d9a74a8f84cf9135f230faa631af88c6eec49be1d43179ade70d408a05b605ca5c83854ae562185225535

Download Submit
C:\Users\Admin\Downloads\Monoxid_Opener.Hv5Xv3tF.zip.part

Filesize
21.0MB

MD5
bf86a58bfa4d5932e4b4fcf5f1b72b51

SHA1
db3dc8ad33afa3b15f02c37418e1c3a24873f8e0

SHA256
a2b8f065a88513fa236b345fe96db861ed9733e853c243bca38dc02e67f8fb00

SHA512
2e2ad8fc81b76745612b24a59fe7d15fbeb3807c8dd6747e1491158b8585495967ca502fc740807ee83939ad1bc4d0d47e03c358a64a63780545490a56508a24

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\Crypto\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
ff2c1c4a7ae46c12eb3963f508dad30f

SHA1
4d759c143f78a4fe1576238587230acdf68d9c8c

SHA256
73cf4155df136db24c2240e8db0c76bedcbb721e910558512d6008adaf7eed50

SHA512
453ef9eed028ae172d4b76b25279ad56f59291be19eb918de40db703ec31cddf60dce2e40003dfd1ea20ec37e03df9ef049f0a004486cc23db8c5a6b6a860e7b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
821aaa9a74b4ccb1f75bd38b13b76566

SHA1
907c8ee16f3a0c6e44df120460a7c675eb36f1dd

SHA256
614b4f9a02d0191c3994205ac2c58571c0af9b71853be47fcf3cb3f9bc1d7f54

SHA512
9d2ef8f1a2d3a7374ff0cdb38d4a93b06d1db4219bae06d57a075ee3dff5f7d6f890084dd51a972ac7572008f73fde7f5152ce5844d1a19569e5a9a439c4532b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_cffi_backend.cp311-win_amd64.pyd

Filesize
177KB

MD5
fde9a1d6590026a13e81712cd2f23522

SHA1
ca99a48caea0dbaccf4485afd959581f014277ed

SHA256
16eccc4baf6cf4ab72acd53c72a1f2b04d952e07e385e9050a933e78074a7d5b

SHA512
a522661f5c3eeea89a39df8bbb4d23e6428c337aac1d231d32b39005ea8810fce26af18454586e0e94e51ea4ac0e034c88652c1c09b1ed588aeac461766981f4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_sqlite3.pyd

Filesize
117KB

MD5
ffb03c18ed0f340fe9d86abaa9eef835

SHA1
d6295d7a100414ce76797c826d2d3c0b4df0c80e

SHA256
1d4e17237a10b68d16634fc9698edf342b40478d92fa15d574d212c7a44b05bb

SHA512
e911ce6e6b5de50696d7e7f14560c90b83c1179a946d2f5ddcf6fcf797c031dc65b42300685e97cfdc592bae5f974cc31c81d2e12994cd9c28d3f67df282dda5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
fa50d9f8bce6bd13652f5090e7b82c4d

SHA1
ee137da302a43c2f46d4323e98ffd46d92cf4bef

SHA256
fff69928dea1432e0c7cb1225ab96f94fd38d5d852de9a6bb8bf30b7d2bedceb

SHA512
341cec015e74348eab30d86ebb35c028519703006814a2ecd19b9fe5e6fcb05eda6dde0aaf4fe624d254b0d0180ec32adf3b93ee96295f8f0f4c9d4ed27a7c0c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
113KB

MD5
2d1f2ffd0fecf96a053043daad99a5df

SHA1
b03d5f889e55e802d3802d0f0caa4d29c538406b

SHA256
207bbae9ddf8bdd64e65a8d600fe1dd0465f2afcd6dc6e28d4d55887cd6cbd13

SHA512
4f7d68f241a7f581e143a010c78113154072c63adff5f200ef67eb34d766d14ce872d53183eb2b96b1895aa9c8d4ca82ee5e61e1c5e655ff5be56970be9ebe3e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\sqlite3.dll

Filesize
1.4MB

MD5
35f55e2ad0ae11a273408cfeff75b1ab

SHA1
672bff2dea4351e1245806e6af7f1be5da9dd055

SHA256
919572560c314e46b1dba56418bbb50e1620c0af328aec394eaff580c58f2fc5

SHA512
b84a42b42a710cd5fe91def37207200141a03a8e93488d05099115f16961255248aa74c3a9800a82a0c4eb79348b570ca1a2bfa4e3168b5359ce063a688d26a4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25282\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
memory/8-2348-0x00000207A4E30000-0x00000207A4E31000-memory.dmp

Filesize
4KB

Download
memory/8-2329-0x00000207A0770000-0x00000207A0780000-memory.dmp

Filesize
64KB

Download
memory/8-2350-0x00000207A4F70000-0x00000207A4F72000-memory.dmp

Filesize
8KB

Download
memory/8-2352-0x00000207A57F0000-0x00000207A57F2000-memory.dmp

Filesize
8KB

Download
memory/8-2353-0x00000207A5A30000-0x00000207A5A32000-memory.dmp

Filesize
8KB

Download
memory/8-2354-0x00000207A4FD0000-0x00000207A4FD2000-memory.dmp

Filesize
8KB

Download
memory/8-2357-0x00000207A4E30000-0x00000207A4E31000-memory.dmp

Filesize
4KB

Download
memory/8-2361-0x00000207A4D80000-0x00000207A4D81000-memory.dmp

Filesize
4KB

Download
memory/8-2311-0x00000207A0520000-0x00000207A0530000-memory.dmp

Filesize
64KB

Download